Bug 42817 - Web Inspector: don't grant universal access to inspector front-end page
Summary: Web Inspector: don't grant universal access to inspector front-end page
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Web Inspector (Deprecated) (show other bugs)
Version: 528+ (Nightly build)
Hardware: All All
: P2 Normal
Assignee: Nobody
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2010-07-22 04:47 PDT by Andrey Kosyakov
Modified: 2010-07-22 09:39 PDT (History)
9 users (show)

See Also:

Attachments
patch (2.72 KB, patch)
2010-07-22 04:50 PDT, Andrey Kosyakov 		no flags Details | Formatted Diff | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Andrey Kosyakov 2010-07-22 04:47:34 PDT 
We used to call SecurityOrigin::grantUniversalAccess() for inspector front-end page. This does not seem to be necessary anymore, so I suggest to remove it for slightly tighter security control.
Comment 1 Andrey Kosyakov 2010-07-22 04:50:54 PDT 
Created attachment 62286 [details]
patch
Comment 2 Yury Semikhatsky 2010-07-22 05:39:07 PDT 
Comment on attachment 62286 [details]
patch

WebKit/chromium/src/WebDevToolsFrontendImpl.cpp: 
 +      SecurityOrigin* origin = m_webViewImpl->page()->mainFrame()->domWindow()->securityOrigin();
IIRC we needed this to be able to set iframe content.  It shouldn't be necessary with new SourceFrame implementation.
Comment 3 WebKit Commit Bot 2010-07-22 09:39:49 PDT 
Comment on attachment 62286 [details]
patch

Clearing flags on attachment: 62286

Committed r63896: <http://trac.webkit.org/changeset/63896>
Comment 4 WebKit Commit Bot 2010-07-22 09:39:54 PDT 
All reviewed patches have been landed.  Closing bug.